Debian Bug report logs - #341346
libapache2-mod-php4: mod-php should be configured to use a Apache handler

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Pierre Métras <genepi@sympatico.ca>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: libapache2-mod-php4: mod-php should be configured to use a Apache handler

Date: Wed, 30 Nov 2005 00:00:13 -0500

Package: libapache2-mod-php4
Version: 4:4.3.10-16
Severity: normal

An extract from libapache2-mod-security documentation states the problem better
than I can explain:

"In Apache theory, a response to a request is generated by a
so-called handler. If there is a handler attached to a request it
should be considered to be of a dynamic nature. In practice, however,
Apache can be configured to server dynamic pages without a handler
(it then chooses the module based on the resource MIME type). This will
happen, for example, if you configure PHP as instructed in the main
distribution:

	AddType application/x-httpd-php .php

While this works, it isn't entirely correct. However, if you replace the
above line with the following:

	AddHandler application/x-httpd-php .php
	
PHP will work just as well, Apache will have a handler assigned to the
request, and audit logger will be able to log selectively."

So, changing the /etc/apache2/mods-available/php4.conf file to be:

<IfModule mod_php4.c>
  AddHandler application/x-httpd-php .php .phtml .php3
  AddHandler application/x-httpd-php-source .phps
</IfModule>

will allow libapache2-mod-security to audit and protect PHP pages.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=fr_CA, LC_CTYPE=fr_CA (charmap=ISO-8859-1)

Versions of packages libapache2-mod-php4 depends on:
ii  apache2-mpm-prefork    2.0.54-5          traditional model for Apache2
ii  libbz2-1.0             1.0.2-7           high-quality block-sorting file co
ii  libc6                  2.3.2.ds1-22      GNU C Library: Shared libraries an
ii  libcomerr2             1.37-2sarge1      common error description library
ii  libdb4.2               4.2.52-18         Berkeley v4.2 Database Libraries [
ii  libexpat1              1.95.8-3          XML parsing C library - runtime li
ii  libkrb53               1.3.6-2sarge2     MIT Kerberos runtime libraries
ii  libmagic1              4.12-1            File type determination library us
ii  libpcre3               4.5-1.2sarge1     Perl 5 Compatible Regular Expressi
ii  libssl0.9.7            0.9.7e-3sarge1    SSL shared libraries
ii  libzzip-0-12           0.12.83-4         library providing read access on Z
ii  mime-support           3.28-1            MIME files 'mime.types' & 'mailcap
ii  php4-common            4:4.3.10-16       Common files for packages built fr
ii  zlib1g                 1:1.2.2-4.sarge.2 compression library - runtime

-- no debconf information

Message #10 received at 341346@bugs.debian.org (full text, mbox, reply):

From: Daniel Lakeland <dlakelan@street-artists.org>

To: 341346@bugs.debian.org

Subject: PHP randomly deciding not to execute on apache 2.2

Date: Fri, 8 Dec 2006 08:42:33 -0800

This bug may be biting us harder now that apache 2.2 is available.

When I upgraded to apache 2.2 various things broke including
squirrelmail and the egroupware login. 

The symptom was that some php pages would happily load (like drupal),
while others would try to download the raw PHP code (squirrelmail
login and egroupware login).

Adding the "AddHandler" lines to /etc/apache2/mods-enabled/php4.conf
after the existing "AddType" lines *seemed* to resolve the problem.

This is a relatively simple fix that may prevent a lot of
headache. Please consider implementing it soon.

If you like it may be useful to add a new bug related to this
intermittent php unparsed downloading so that others can find this
"fix".



-- 
Daniel Lakeland
dlakelan@street-artists.org
http://www.street-artists.org/~dlakelan

Message #15 received at 341346@bugs.debian.org (full text, mbox, reply):

From: Lucas Nussbaum <lucas@lucas-nussbaum.net>

To: 370375@bugs.debian.org, 341346@bugs.debian.org, 392839@bugs.debian.org, 298052@bugs.debian.org, 424937@bugs.debian.org, 410549@bugs.debian.org, 386041@bugs.debian.org, 271856@bugs.debian.org, 456728@bugs.debian.org, 264806@bugs.debian.org, 323585@bugs.debian.org, control@bugs.debian.org, libapache2-mod-php5@packages.debian.org

Subject: Reassigning bugs from libapache2-mod-php4 to libapache2-mod-php5

Date: Mon, 05 May 2008 10:19:37 +0200

reassign 370375 libapache2-mod-php5
reassign 341346 libapache2-mod-php5
reassign 392839 libapache2-mod-php5
reassign 298052 libapache2-mod-php5
reassign 424937 libapache2-mod-php5
reassign 410549 libapache2-mod-php5
reassign 386041 libapache2-mod-php5
reassign 271856 libapache2-mod-php5
reassign 456728 libapache2-mod-php5
reassign 264806 libapache2-mod-php5
reassign 323585 libapache2-mod-php5
thanks

The libapache2-mod-php4 package has been removed from Debian testing, unstable and
experimental. I am reassigning its bugs to the libapache2-mod-php5 package. Please
have a look at them, and close them if they don't apply to
libapache2-mod-php5 anymore.

Don't hesitate to reply to this mail if you have any question.
-- 
Lucas

Message #24 received at 341346-quiet@bugs.debian.org (full text, mbox, reply):

From: sean finney <seanius@debian.org>

To: control@bugs.debian.org

Cc: 370375-quiet@bugs.debian.org, 341346-quiet@bugs.debian.org, 392839-quiet@bugs.debian.org, 298052-quiet@bugs.debian.org, 424937-quiet@bugs.debian.org, 410549-quiet@bugs.debian.org, 386041-quiet@bugs.debian.org, 271856-quiet@bugs.debian.org, 456728-quiet@bugs.debian.org, 264806-quiet@bugs.debian.org, 323585-quiet@bugs.debian.org, Lucas Nussbaum <lucas@lucas-nussbaum.net>, pkg-php-maint@lists.alioth.debian.org

Subject: please don't

Date: Wed, 23 Jul 2008 22:09:52 +0200

[Message part 1 (text/plain, inline)]

reassign 370375 libapache2-mod-php4
reassign 341346 libapache2-mod-php4
reassign 392839 libapache2-mod-php4
reassign 298052 libapache2-mod-php4
reassign 424937 libapache2-mod-php4
reassign 410549 libapache2-mod-php4
reassign 386041 libapache2-mod-php4
reassign 271856 libapache2-mod-php4
reassign 456728 libapache2-mod-php4
reassign 264806 libapache2-mod-php4
reassign 323585 libapache2-mod-php4
thanks

this is not the first time someone has done a mass-reassignment on old php4 
bugs.  blindly reassigning bugs from php4->php5 is not the proper protocol 
here.  just because php4 will not be in lenny does not mean that it is not 
still in debian.  furthermore, if the bug affected php5 it should have 
already been cloned to php5.


thanks,
	sean

[signature.asc (application/pgp-signature, inline)]

Message #29 received at 341346-done@bugs.debian.org (full text, mbox, reply):

From: Marco Rodrigues <gothicx@gmail.com>

To: 341346-done@bugs.debian.org

Subject: Package libapache2-mod-php4 has been removed from Debian

Date: Wed, 24 Mar 2010 20:50:50 +0000 (WET)

Version: 6:4.4.6-2+rm

You filed the bug http://bugs.debian.org/341346 in Debian BTS
against the package libapache2-mod-php4. I'm closing it at *unstable*, but it will
remain open for older distributions.

For more information about this package's removal, read
http://bugs.debian.org/428266. That bug might give the reasons why
this package was removed and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any question.

Thank you for your contribution to Debian.

--
Marco Rodrigues

Send a report that this bug log contains spam.